Replace go-jose v3 with v4 (#480)

gogatekeeper · Jul 3, 2024 · 85a4b80 · 85a4b80
1 parent bf960df
commit 85a4b80
Show file tree

Hide file tree

Showing 14 changed files with 47 additions and 54 deletions.
diff --git a/go.mod b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a
 	github.com/fsnotify/fsnotify v1.7.0
 	github.com/go-chi/chi/v5 v5.0.4
-	github.com/go-jose/go-jose/v3 v3.0.3
+	github.com/go-jose/go-jose/v4 v4.0.1
 	github.com/go-resty/resty/v2 v2.7.0
 	github.com/gofrs/uuid v4.0.0+incompatible
 	github.com/grokify/go-pkce v0.2.0
@@ -54,7 +54,6 @@ require (
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
-	github.com/go-jose/go-jose/v4 v4.0.1 // indirect
 	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect

diff --git a/go.sum b/go.sum
@@ -88,8 +88,6 @@ github.com/go-chi/chi/v5 v5.0.4 h1:5e494iHzsYBiyXQAHHuI4tyJS9M3V84OuX3ufIIGHFo=
 github.com/go-chi/chi/v5 v5.0.4/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
 github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=
 github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
-github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k=
-github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
 github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U=
 github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
@@ -273,12 +271,10 @@ go.uber.org/zap v1.19.0 h1:mZQZefskPPCMIBCSEH0v2/iUqqLrYtaeqwD6FUGUnFE=
 go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
 golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -287,16 +283,13 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210916014120-12bc252f5db8/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211029224645-99673261e6eb/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/oauth2 v0.14.0 h1:P0Vrf/2538nmC0H+pEQ3MNFRRnVR7RlqyVw+bvm26z0=
 golang.org/x/oauth2 v0.14.0/go.mod h1:lAtNWgaWfL4cm7j2OV8TxGi9Qb7ECORx8DktCY74OwM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20190204203706-41f3e6584952/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -309,23 +302,17 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
 golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
-golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
 golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -334,7 +321,6 @@ golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3
 golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

diff --git a/pkg/constant/constant.go b/pkg/constant/constant.go
@@ -1,6 +1,10 @@
 package constant
 
-import "time"
+import (
+	"time"
+
+	"github.com/go-jose/go-jose/v4"
+)
 
 type contextKey int8
 
@@ -72,3 +76,5 @@ const (
 
 	InvalidCookieDuration = -10 * time.Hour
 )
+
+var SignatureAlgs = [3]jose.SignatureAlgorithm{jose.RS256, jose.HS256, jose.HS512}
diff --git a/pkg/keycloak/proxy/handlers.go b/pkg/keycloak/proxy/handlers.go
@@ -30,7 +30,8 @@ import (
 
 	"github.com/Nerzal/gocloak/v12"
 	oidc3 "github.com/coreos/go-oidc/v3/oidc"
-	"github.com/go-jose/go-jose/v3/jwt"
+	"github.com/go-jose/go-jose/v4"
+	"github.com/go-jose/go-jose/v4/jwt"
 	"github.com/gogatekeeper/gatekeeper/pkg/apperrors"
 	"github.com/gogatekeeper/gatekeeper/pkg/constant"
 	"github.com/gogatekeeper/gatekeeper/pkg/encryption"
@@ -452,7 +453,7 @@ func loginHandler(
 
 			accessToken := token.AccessToken
 			refreshToken := ""
-			accessTokenObj, err := jwt.ParseSigned(token.AccessToken)
+			accessTokenObj, err := jwt.ParseSigned(token.AccessToken, []jose.SignatureAlgorithm{jose.RS256})
 			if err != nil {
 				return http.StatusNotImplemented,
 					errors.Join(apperrors.ErrParseAccessToken, err)
@@ -523,7 +524,7 @@ func loginHandler(
 				var expiration time.Duration
 				// notes: not all idp refresh tokens are readable, google for example, so we attempt to decode into
 				// a jwt and if possible extract the expiration, else we default to 10 days
-				refreshTokenObj, errRef := jwt.ParseSigned(token.RefreshToken)
+				refreshTokenObj, errRef := jwt.ParseSigned(token.RefreshToken, constant.SignatureAlgs[:])
 				if errRef != nil {
 					return http.StatusInternalServerError,
 						errors.Join(apperrors.ErrParseRefreshToken, err)

diff --git a/pkg/keycloak/proxy/misc.go b/pkg/keycloak/proxy/misc.go
@@ -25,7 +25,7 @@ import (
 
 	"github.com/Nerzal/gocloak/v12"
 	oidc3 "github.com/coreos/go-oidc/v3/oidc"
-	"github.com/go-jose/go-jose/v3/jwt"
+	"github.com/go-jose/go-jose/v4/jwt"
 	"github.com/gogatekeeper/gatekeeper/pkg/apperrors"
 	"github.com/gogatekeeper/gatekeeper/pkg/authorization"
 	configcore "github.com/gogatekeeper/gatekeeper/pkg/config/core"
@@ -125,7 +125,7 @@ func getPAT(
 
 		initialized = true
 
-		parsedToken, err := jwt.ParseSigned(token.AccessToken)
+		parsedToken, err := jwt.ParseSigned(token.AccessToken, constant.SignatureAlgs[:])
 		if err != nil {
 			retry++
 			logger.Error("failed to parse the access token", zap.Error(err))
@@ -324,7 +324,7 @@ func refreshUmaToken(
 		return nil, err
 	}
 
-	token, err := jwt.ParseSigned(tok.AccessToken)
+	token, err := jwt.ParseSigned(tok.AccessToken, constant.SignatureAlgs[:])
 	if err != nil {
 		return nil, err
 	}

diff --git a/pkg/proxy/handlers/handlers.go b/pkg/proxy/handlers/handlers.go
@@ -24,7 +24,7 @@ import (
 	"net/http/pprof"
 
 	"github.com/go-chi/chi/v5"
-	"github.com/go-jose/go-jose/v3/jwt"
+	"github.com/go-jose/go-jose/v4/jwt"
 	"github.com/gogatekeeper/gatekeeper/pkg/apperrors"
 	"github.com/gogatekeeper/gatekeeper/pkg/constant"
 	"github.com/gogatekeeper/gatekeeper/pkg/encryption"
@@ -259,7 +259,7 @@ func TokenHandler(
 			return
 		}
 
-		token, err := jwt.ParseSigned(user.RawToken)
+		token, err := jwt.ParseSigned(user.RawToken, constant.SignatureAlgs[:])
 		if err != nil {
 			accessError(wrt, req)
 			return

diff --git a/pkg/proxy/middleware/oauth.go b/pkg/proxy/middleware/oauth.go
@@ -8,7 +8,7 @@ import (
 	"time"
 
 	oidc3 "github.com/coreos/go-oidc/v3/oidc"
-	"github.com/go-jose/go-jose/v3/jwt"
+	"github.com/go-jose/go-jose/v4/jwt"
 	"github.com/gogatekeeper/gatekeeper/pkg/apperrors"
 	"github.com/gogatekeeper/gatekeeper/pkg/constant"
 	"github.com/gogatekeeper/gatekeeper/pkg/encryption"

diff --git a/pkg/proxy/session/token.go b/pkg/proxy/session/token.go
@@ -11,7 +11,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/go-jose/go-jose/v3/jwt"
+	"github.com/go-jose/go-jose/v4/jwt"
 	"github.com/gogatekeeper/gatekeeper/pkg/apperrors"
 	"github.com/gogatekeeper/gatekeeper/pkg/constant"
 	"github.com/gogatekeeper/gatekeeper/pkg/encryption"
@@ -151,7 +151,7 @@ func GetIdentity(
 		}
 
 		rawToken := access
-		token, err := jwt.ParseSigned(access)
+		token, err := jwt.ParseSigned(access, constant.SignatureAlgs[:])
 		if err != nil {
 			return nil, err
 		}
@@ -278,7 +278,7 @@ func GetAccessCookieExpiration(
 	// refresh token
 	duration := accessTokenDuration
 
-	webToken, err := jwt.ParseSigned(refresh)
+	webToken, err := jwt.ParseSigned(refresh, constant.SignatureAlgs[:])
 	if err != nil {
 		logger.Error("unable to parse token")
 	}

diff --git a/pkg/testsuite/fake_authserver.go b/pkg/testsuite/fake_authserver.go
@@ -17,8 +17,8 @@ import (
 
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/chi/v5/middleware"
-	jose2 "github.com/go-jose/go-jose/v3"
-	"github.com/go-jose/go-jose/v3/jwt"
+	jose2 "github.com/go-jose/go-jose/v4"
+	"github.com/go-jose/go-jose/v4/jwt"
 	configcore "github.com/gogatekeeper/gatekeeper/pkg/config/core"
 	"github.com/gogatekeeper/gatekeeper/pkg/constant"
 	"github.com/gogatekeeper/gatekeeper/pkg/proxy/models"
@@ -126,7 +126,7 @@ func (t *FakeToken) GetToken() (string, error) {
 	}
 
 	b := jwt.Signed(signer).Claims(&t.Claims)
-	jwt, err := b.CompactSerialize()
+	jwt, err := b.Serialize()
 	if err != nil {
 		return "", err
 	}
@@ -158,7 +158,7 @@ func (t *FakeToken) GetUnsignedToken() (string, error) {
 	}
 
 	b := jwt.Signed(signer).Claims(&t.Claims)
-	jwt, err := b.CompactSerialize()
+	jwt, err := b.Serialize()
 
 	if err != nil {
 		return "", err
@@ -484,7 +484,7 @@ func (r *fakeAuthServer) userInfoHandler(wrt http.ResponseWriter, req *http.Requ
 		return
 	}
 
-	token, err := jwt.ParseSigned(items[1])
+	token, err := jwt.ParseSigned(items[1], constant.SignatureAlgs[:])
 
 	if err != nil {
 		wrt.WriteHeader(http.StatusUnauthorized)
@@ -615,7 +615,7 @@ func (r *fakeAuthServer) tokenHandler(writer http.ResponseWriter, req *http.Requ
 			"error_description": "invalid client credentials",
 		})
 	case configcore.GrantTypeRefreshToken:
-		oldRefreshToken, err := jwt.ParseSigned(req.FormValue("refresh_token"))
+		oldRefreshToken, err := jwt.ParseSigned(req.FormValue("refresh_token"), constant.SignatureAlgs[:])
 
 		if err != nil {
 			writer.WriteHeader(http.StatusInternalServerError)

diff --git a/pkg/testsuite/handlers_test.go b/pkg/testsuite/handlers_test.go
@@ -25,7 +25,7 @@ import (
 	"testing"
 	"time"
 
-	"github.com/go-jose/go-jose/v3/jwt"
+	"github.com/go-jose/go-jose/v4/jwt"
 	"github.com/gogatekeeper/gatekeeper/pkg/apperrors"
 	"github.com/gogatekeeper/gatekeeper/pkg/authorization"
 	"github.com/gogatekeeper/gatekeeper/pkg/constant"
@@ -461,7 +461,7 @@ func TestTokenEncryptionLoginHandler(t *testing.T) {
 					ExpectedCookies: map[string]string{cfg.CookieAccessName: ""},
 					ExpectedCookiesValidator: map[string]func(*testing.T, *config.Config, string) bool{
 						cfg.CookieAccessName: func(t *testing.T, config *config.Config, rawToken string) bool {
-							token, err := jwt.ParseSigned(rawToken)
+							token, err := jwt.ParseSigned(rawToken, constant.SignatureAlgs[:])
 							if err != nil {
 								return false
 							}
@@ -512,7 +512,7 @@ func TestTokenEncryptionLoginHandler(t *testing.T) {
 					},
 					ExpectedCookiesValidator: map[string]func(*testing.T, *config.Config, string) bool{
 						cfg.CookieAccessName: func(t *testing.T, config *config.Config, rawToken string) bool {
-							token, err := jwt.ParseSigned(rawToken)
+							token, err := jwt.ParseSigned(rawToken, constant.SignatureAlgs[:])
 							if err != nil {
 								return false
 							}

diff --git a/pkg/testsuite/middleware_test.go b/pkg/testsuite/middleware_test.go
@@ -47,7 +47,7 @@ import (
 	"github.com/gogatekeeper/gatekeeper/pkg/proxy/session"
 	"github.com/gogatekeeper/gatekeeper/pkg/utils"
 
-	"github.com/go-jose/go-jose/v3/jwt"
+	"github.com/go-jose/go-jose/v4/jwt"
 
 	opaserver "github.com/open-policy-agent/opa/server"
 )
@@ -1649,7 +1649,7 @@ func checkAccessTokenEncryption(t *testing.T, cfg *config.Config, value string)
 		return false
 	}
 
-	token, err := jwt.ParseSigned(rawToken)
+	token, err := jwt.ParseSigned(rawToken, constant.SignatureAlgs[:])
 
 	if err != nil {
 		return false
@@ -1671,7 +1671,7 @@ func checkRefreshTokenEncryption(_ *testing.T, cfg *config.Config, value string)
 		return false
 	}
 
-	_, err = jwt.ParseSigned(rawToken)
+	_, err = jwt.ParseSigned(rawToken, constant.SignatureAlgs[:])
 
 	return err == nil
 }

diff --git a/pkg/testsuite/server_test.go b/pkg/testsuite/server_test.go
@@ -30,7 +30,7 @@ import (
 	"testing"
 	"time"
 
-	"github.com/go-jose/go-jose/v3/jwt"
+	"github.com/go-jose/go-jose/v4/jwt"
 	"github.com/gogatekeeper/gatekeeper/pkg/apperrors"
 	"github.com/gogatekeeper/gatekeeper/pkg/authorization"
 	configcore "github.com/gogatekeeper/gatekeeper/pkg/config/core"
@@ -136,7 +136,7 @@ func TestAuthTokenHeader(t *testing.T) {
 					ExpectedCode:  http.StatusOK,
 					ExpectedProxyHeadersValidator: map[string]func(*testing.T, *config.Config, string){
 						"X-Auth-Token": func(t *testing.T, c *config.Config, value string) {
-							_, err := jwt.ParseSigned(value)
+							_, err := jwt.ParseSigned(value, constant.SignatureAlgs[:])
 							require.NoError(t, err, "Problem parsing X-Auth-Token")
 							assert.False(t, checkAccessTokenEncryption(t, c, value))
 						},
@@ -147,7 +147,7 @@ func TestAuthTokenHeader(t *testing.T) {
 					ExpectedProxy: true,
 					ExpectedProxyHeadersValidator: map[string]func(*testing.T, *config.Config, string){
 						"X-Auth-Token": func(t *testing.T, c *config.Config, value string) {
-							_, err := jwt.ParseSigned(value)
+							_, err := jwt.ParseSigned(value, constant.SignatureAlgs[:])
 							require.NoError(t, err, "Problem parsing X-Auth-Token")
 							assert.False(t, checkAccessTokenEncryption(t, c, value))
 						},
@@ -173,7 +173,7 @@ func TestAuthTokenHeader(t *testing.T) {
 					ExpectedCode:  http.StatusOK,
 					ExpectedProxyHeadersValidator: map[string]func(*testing.T, *config.Config, string){
 						"X-Auth-Token": func(t *testing.T, c *config.Config, value string) {
-							_, err := jwt.ParseSigned(value)
+							_, err := jwt.ParseSigned(value, constant.SignatureAlgs[:])
 							require.NoError(t, err, "Problem parsing X-Auth-Token")
 							assert.False(t, checkAccessTokenEncryption(t, c, value))
 						},
@@ -184,7 +184,7 @@ func TestAuthTokenHeader(t *testing.T) {
 					ExpectedProxy: true,
 					ExpectedProxyHeadersValidator: map[string]func(*testing.T, *config.Config, string){
 						"X-Auth-Token": func(t *testing.T, c *config.Config, value string) {
-							_, err := jwt.ParseSigned(value)
+							_, err := jwt.ParseSigned(value, constant.SignatureAlgs[:])
 							require.NoError(t, err, "Problem parsing X-Auth-Token")
 							assert.False(t, checkAccessTokenEncryption(t, c, value))
 						},

diff --git a/pkg/testsuite/session_test.go b/pkg/testsuite/session_test.go
@@ -21,7 +21,7 @@ import (
 	"testing"
 	"time"
 
-	"github.com/go-jose/go-jose/v3/jwt"
+	"github.com/go-jose/go-jose/v4/jwt"
 	"github.com/gogatekeeper/gatekeeper/pkg/apperrors"
 	"github.com/gogatekeeper/gatekeeper/pkg/constant"
 	"github.com/gogatekeeper/gatekeeper/pkg/keycloak/config"
@@ -260,7 +260,7 @@ func TestGetUserContext(t *testing.T) {
 	token.addClientRoles("client", []string{"client"})
 	jwtToken, err := token.GetToken()
 	require.NoError(t, err)
-	webToken, err := jwt.ParseSigned(jwtToken)
+	webToken, err := jwt.ParseSigned(jwtToken, constant.SignatureAlgs[:])
 	require.NoError(t, err)
 	context, err := session.ExtractIdentity(webToken)
 	require.NoError(t, err)
@@ -277,7 +277,7 @@ func TestGetUserRealmRoleContext(t *testing.T) {
 	token.addRealmRoles(roles)
 	jwtToken, err := token.GetToken()
 	require.NoError(t, err)
-	webToken, err := jwt.ParseSigned(jwtToken)
+	webToken, err := jwt.ParseSigned(jwtToken, constant.SignatureAlgs[:])
 	require.NoError(t, err)
 	context, err := session.ExtractIdentity(webToken)
 	require.NoError(t, err)
@@ -294,7 +294,7 @@ func TestUserContextString(t *testing.T) {
 	token := NewTestToken("test")
 	jwtToken, err := token.GetToken()
 	require.NoError(t, err)
-	webToken, err := jwt.ParseSigned(jwtToken)
+	webToken, err := jwt.ParseSigned(jwtToken, constant.SignatureAlgs[:])
 	require.NoError(t, err)
 	context, err := session.ExtractIdentity(webToken)
 	require.NoError(t, err)